[German]Various security updates for Windows Server 2012/R2 (1st ESU year) were published on July 9, 2024. Support for Windows 7 SP1 and Windows Server 2008 R2 expired in January 2024. However, updates for Windows Embedded Standard 7 can be downloaded from the Microsoft Update Catalog. Here is an overview of these updates for Windows Server 2012/R2 and Windows Embedded Standard 7.
Preliminary remarks on the update installation
Please note the information on the installation sequence for Windows Server that Microsoft provides in the KB articles. Windows 7 (dropped out of support in January 2020) and Windows 8.1 in January 2023. ESU support ended in January 2024, but Windows 7 systems can be provided with security updates via Embedded Updates. Windows Server 2012/R2 dropped out of support in October 2023 and will only receive updates with an ESU license. If you are still using Windows 8.1, you can install the Server 2012 R2 updates with ESUBypass (see).
Updates for Windows Server 2012 R2
A rollup (for systems with an ESU license) has been released for Windows Server 2012 /R2. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5040456 (Monthly Rollup) for Windows Server 2012 R2
Update KB5040456 (Monthly Rollup for Windows Server 2012 R2) contains improvements and fixes, and eliminates various vulnerabilities that are not specified. It says about the improvements:
- DST: The official name of the former "Republic of Turkey" is changed to Republic of Türkiye in English. For more information about DST changes, see the Daylight Saving Time & Time Zone Blog.
- IME: In some scenarios, an Input Method Editor (IME) will either not show or show in an incorrect position.
- RADIUS protocol: A security vulnerability exists in the Remote Authentication Dial-In User Service (RADIUS) protocol related to MD5 collision problems. For more information, see KB5040268.
- Windows Installer: When the installer repairs an application, the User Account Control (UAC) does not prompt for your credentials. After you install this update, the UAC will prompt for them. Because of this, you might have to update your Automation scripts and add the Shield icon. This indicates that the process requires full administrator access. To turn off the UAC prompt, set the HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\DisableLUAInRepair registry value to 1. For more information, see:
This update is automatically downloaded and installed by Windows Update in Windows Server 2012 R2, but is also available in the Microsoft Update Catalog and via WSUS. The installation of this Enhanced Security Update (ESU) may fail on an Azure Arc-enabled device running Windows Server 2012 R2. Details on fixes and any known issues related to the update are listed in the support article.
There is no security-only update for Windows Server 2012 R2.
Updates for Windows Server 2012
A rollup update for Windows Server 2012 and Windows Embedded 8 Standard has been released for systems with an ESU license. The update history for Windows 8.1 and Windows Server 2012 R2 can be found on this Microsoft page.
KB5040485 (Monthly Rollup) for Windows Server 2012
Update KB5040485 (Monthly Rollup for Windows Server 2012, Windows Embedded 8 Standard) contains improvements and fixes as well as security patches. This update is available in the Microsoft Update Catalog and via WSUS. For a manual installation, the latest Servicing Stack Update (SSU) must be installed first – although this SSU can no longer be uninstalled. The installation of this Enhanced Security Update (ESU) may fail on an Azure Arc-enabled device running Windows Server 2012. Issues related to the update are listed in the KB article.
There is no security-only update for Windows Server 2012
Updates for Windows Windows 7
For Windows Server 2008 R2 SP1 with ESU and Windows 7, official updates for systems with an ESU license (1st, 2nd, 3rd and 4th year complete) were made available for the last time in January 2024. However, updates for July 2024 for Windows Embedded Standard 7 are available in the Microsoft Update Catalog, which can be installed even though the ESU period should actually have expired. To search, enter "2024-07 Embedded standard 7". Here are the updates available:
- KB5040498 – Security only
- KB5040497 – Rollup
- KB5040426 – Internet Explorer 11 kumulativ
Furthermore, ACROS Security offers micro patches for protection until 2025 (see 0patch secures Microsoft Edge for Windows 7/Server 2008/2012/R2 until Jan. 2025).
Similar articles:
Microsoft Security Update Summary (July 9, 2024)
Patchday: Windows 10/Server Updates (July 9, 2024)
Patchday: Windows 11/Server 2022-Updates (July 9, 2024)
Windows Server 2012 / R2 and Windows 7 (July 9, 2024)
Microsoft Office Updates (July 9, 2024)
